[ATrpms-users] dl.atrpms.net connection problems
David Rees
drees76 at gmail.com
Sat Oct 27 08:52:21 CEST 2007
On 10/24/07, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> netstat -pan | grep -E 'XXXX:80' | grep -v TIME_WAIT | awk '{print $5}' \
> | sed -e's,:[^:]*$,,' -e's,.*:,,' | sort | uniq -c | sort -n \
> | grep -v '^ *[0-9] ' \
> | grep -v '^ *[0-3][0-9] ' \
> | awk '{print $2 " " $1 " " '`date +%s`'}' \
> | grep -vf /etc/blockedhosts.plain \
> >> /etc/blockedhosts
I think if you changed this to only grep for ESTABLISHED connections,
or also grep -v FIN_WAIT connections as well as TIME_WAIT, it may work
a bit better for avoiding false positives.
-Dave
More information about the atrpms-users
mailing list